In what seems to be a rather intriguing u-turn, the UK Information Commissioner Office has now been found guilty of breaking UK privacy laws.
Back in July, the same ICO said that it wasn't probably worth acting against Google and issued a statement a few days ago after being pressured by several independent groups to act on Google's breach of UK law.
It was confirmed that the collection of data on UK soil by Google was indeed not fair and lawful - even if it was collected from open networks - and did, after all constitute a significant breach of the DPA".
The ICO said in a statement that "international data protection authorities that undertook in-depth investigations found fragments of personal data including emails, complete URLs and passwords. Following the admission by Google that personal data had indeed been collected, and the fact that Google used the same technology in the UK, the Commissioner decided that formal action was necessary."
Google will be subjected to an audit of paperwork and procedures, will have to sign a document saying that data protection abuses won't happen again, and, surprisingly, won't have to pay a £500,000 fine because Google's systematic data collection occurred before the 6th of April.
So that's literally a slap of the hand for what is a rather serious case; which brings up another observation. What would have happened if a smaller UK-based company had committed the same actions?